forked from lazzyfu/goInsight
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.txt
More file actions
232 lines (187 loc) · 5.92 KB
/
install.txt
File metadata and controls
232 lines (187 loc) · 5.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
系统:centos7
推荐配置:4核心/8GB内存
关闭selinux
部署:
# 按照依赖包
yum -y install epel-release
yum -y install net-tools vim lsof lrzsz bzip2-devel gcc gcc-c++ make automake unzip curl curl-devel perl perl-devel expat expat-devel zlib zlib-devel asciidoc xmlto gettext-devel openssl-devel openssl mlocate python-devel openldap-devel readline-devel git
# 安装Python-3.6.4
# 不指定安装位置,默认安装到/usr/local/bin目录下
wget https://www.python.org/ftp/python/3.6.4/Python-3.6.4.tgz
tar -zxf Python-3.6.4.tgz
./configure --enable-optimizations
make && make install
# 激活python虚拟环境
/usr/local/bin/pip3.6 install --upgrade pip
/usr/local/bin/pip3.6 install virtualenv -i https://mirrors.aliyun.com/pypi/simple
/usr/local/bin/virtualenv /venv_py36 --python=/usr/local/bin/python3.6
echo "source /venv_py36/bin/activate" >> /root/.bashrc
source /root/.bashrc
# Clone项目代码
mkdir /data/web -p
cd /data/web
git clone https://github.com/lazzyfu/AuditSQL.git sqlaudit
# 安装python依赖包
cd /data/web/sqlaudit/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple
# 安装uwsgi网关
pip install uwsgi
# 安装MySQL
yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm
yum -y install Percona-Server-server-57 Percona-Server-devel-57
service mysql start
grep 'temporary password' /var/log/mysqld.log
# 修改密码和创建库(必须utf8,否则初始化失败)
alter user root@'localhost' identified by '!QAZwsx123';
create database sqlaudit character set utf8;
# 初始化表结构
cd /data/web/sqlaudit/sqlaudit/
cp settings-bak.py settings.py
vim settings.py
```
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'sqlaudit',
'USER': 'root',
'HOST': 'localhost',
'PASSWORD': '!QAZwsx123', # 此处密码需要更新为: !QAZwsx123
'OPTIONS': {
'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
'charset': 'utf8mb4',
}
}
}
```
mkdir /data/web/sqlaudit/logs
python manage.py migrate
# 初始化数据
mysql -uroot -p'!QAZwsx123' sqlaudit < initialization_data.sql
# 处理静态文件
python manage.py collectstatic
# 安装redis
# redis使用默认配置即可
yum -y install redis
service redis start
# 安装nginx
useradd nginx -s /bin/bash # 此处必须能登陆,celery服务需要使用
yum -y install nginx
chown -R nginx. /data/web/sqlaudit/
vim /etc/nginx/conf.d/nginx.conf
```
server {
listen 8000;
server_name sqlaudit.example.com;
charset utf-8;
# max upload size
client_max_body_size 75M;
# django media directory
location /media {
alias /data/web/sqlaudit/media;
}
# django static directory
location /static {
alias /data/web/sqlaudit/static;
}
# uwsgi 反向代理
location / {
uwsgi_pass unix://///data/web/sqlaudit_uwsgi.sock;
uwsgi_read_timeout 600;
# the uwsgi_params file you installed
include /etc/nginx/uwsgi_params;
}
# daphne 反向代理
location /ws {
proxy_pass http://0.0.0.0:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
}
location /ssh {
proxy_pass http://0.0.0.0:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 36000s;
}
}
```
vim /etc/nginx/conf.d/sqlaudit_uwsgi.ini
```
[uwsgi]
uid = nginx
chdir = /data/web/sqlaudit
module = sqlaudit.wsgi
home = /venv_py36
socket = /data/web/sqlaudit_uwsgi.sock
master = true
processes = 8
max-requests = 6000
chmod-socket = 664
vacuum = true
enable-threads = true
single-interpreter = true
daemonize = /var/log/uwsgi.log
```
# 启动服务
service nginx start
uwsgi --ini /etc/nginx/conf.d/sqlaudit_uwsgi.ini
# 启动daphne服务
cd /data/web/sqlaudit
nohup daphne -b 0.0.0.0 -p 8001 -v2 sqlaudit.asgi:application &
# 配置celery服务
vim /etc/init.d/celeryd
# 拷贝文件init.d_celeryd.txt --> /etc/init.d/celeryd
vim /etc/default/celeryd
# 拷贝文件default_celeryd.txt --> /etc/default/celeryd
# 安装gh-ost
# 可以去github下载最新版本安装即可
rpm -ivh https://github.com/github/gh-ost/releases/download/v1.0.48/gh-ost-1.0.48-1.x86_64.rpm
# 配置Inception
# Inception作为语法审核
# 修改为inception服务的地址
vim settings.py
```
# Inception配置
# 用于语法检测
INCEPTION_HOST = '10.10.1.202'
INCEPTION_PORT = 6033
```
# 最后访问Nginx配置文件里面的域名即可
# 请确保如下服务正常启动
service redis restart
service mysql restart
service nginx restart
/etc/init.d/celery restart
ps -ef |grep uwsgi
# 启动命令为:uwsgi --ini /etc/nginx/conf.d/sqlaudit_uwsgi.ini
ps -ef |grep daphne
# 启动命令为:nohup daphne -b 0.0.0.0 -p 8001 -v2 sqlaudit.asgi:application &
FAQ:
1. 解决pymysql不兼容inception的问题
vim /venv_py36/lib/python3.6/site-packages/pymysql/connections.py
```
self.server_version = '5.7.18-16-log' # 增加此行
if int(self.server_version.split('.', 1)[0]) >= 5:
self.client_flag |= CLIENT.MULTI_RESULTS
```
vim /venv_py36/lib/python3.6/site-packages/pymysql/cursors.py
```
if not self._defer_warnings:
#self._show_warnings()
pass
```
2. 什么时候需要重启uwsgi服务
git pull或者修改了python代码,需要重启uwsgi服务